Security testing cyber lab

BSI has developed an industrial control cyber lab, a specialist facility designed to test the security of industrial control systems.

Our cyber lab provides a controlled environment prepared for testing many different elements relating to Industrial Control Systems (ICS) and Internet of Things (IoT).

The lab is managed by a team of Operation Technology (OT) experts who possess specialist IT security knowledge, so they can add real value to the test results. 


Cyber testing services provided

Vulnerability discovery

A wide range of industrial control and IoT devices can be tested, in order to expose vulnerabilities. Methods for vulnerability discovery provided by our cyber lab include:

  • Penetration testing
  • Fuzz testing
  • White box / black box testing

Code analysis

Code analysis can be applied to industrial control and IoT devices, to ensure the appropriate sanitization. Applications we examine include:

  • Control logic analysis (for industrial control devices)
  • OWASP benchmarking

Vulnerability remediation

To countermeasure the vulnerability findings, we provide remediation in the form of:

  • Physical controls
  • Architecture best practices

Testing a wide variety of hardware, software and protocols

Our cyber testing team can examine a variety of hardware, software and protocols.

Hardware:

  • Control devices: PLCs, RTUs, and DCUs
  • Control network devices: I/O concentrators, control servers
  • IoT: smart meters, smart domestic devices

Protocols:

  • SCADA: Modbus, DNP3, IEC 60870, Profinet
  • Wireless: Wi-Fi, Bluetooth, ZigBee

Software:

  • SCADA software
  • Web applications
  • Mobile applications


eDiscovery and digital forensics

Our consultants take a comprehensive approach to managing digital investigations. We leverage specialist skills, proven experience and advanced technology to deliver forensically sound results. Our digital investigations are carried out in our ISO/IEC 27001 certified laboratory, ensuring data security and client confidentiality are maintained at all times. 

Our eDiscovery and digital forensics security testing lab is controlled within a sandboxed network and used to conduct:  

  • Malware analysis
  • SCADA forensics
  • Secure code development 
  • Data collection from cloud based sources